CVE-2007-6553

TeamCal Pro <3.1.000 - RCE

Title source: llm

Description

Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro 3.1.000 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONF[app_root] parameter to (1) tcuser.class.php, (2) absencecount.inc.php, (3) avatar.inc.php, (4) csvhandler.class.php, (5) functions.tcpro.php, (6) header.html.inc.php, (7) joomlajack.tcpro.php, (8) menu.inc.php, (9) other.inc.php, (10) tcabsence.class.php, (11) tcabsencegroup.class.php, (12) tcallowance.class.php, (13) tcannouncement.class.php, (14) tcconfig.class.php, (15) tcdaynote.class.php, (16) tcgroup.class.php, (17) tcholiday.class.php, (18) tclogin.class.php, (19) tcmonth.class.php, (20) tctemplate.class.php, (21) tcusergroup.class.php, or (22) tcuseroption.class.php in includes/, possibly a related issue to CVE-2006-4845.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/4785

View Code ZIP pw:eip

References (25)

Core 25

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39813

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39821

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39809

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39811

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39820

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39806

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39808

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39826

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39805

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4785

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39212

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39807

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39815

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39823

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39822

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39817

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39825

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39812

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39818

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39824

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39819

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27022

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39810

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39814

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39816

Scores

EPSS 0.1006

EPSS Percentile 93.1%

Details

CWE

CWE-94

Status published

Products (1)

george_lewe/teamcal_pro < 3.1.000

Published Dec 28, 2007

Tracked Since Feb 18, 2026